My Experience with the Practical AI Pentest Associate (PAPA) Certification by TCM Security

This is my first article on the Medium platform, so thank you for stopping by and reading. I recently had the opportunity to take the Practical AI Pentest Associate (PAPA) certification exam from TCM Security during the Songkran holiday, and I wanted to share my experience for anyone interested in AI security or offensive security in general.

To make this easier to follow, I've divided the article into four sections:

  1. Motivation and how I got started
  2. The courses and learning materials
  3. Study strategy and exam preparation
  4. The exam experience and final thoughts

===1. Motivation and How I Got Started===

I've known about TCM Security for quite a while. Back when I was preparing for the OSCP+, I took several of their courses to strengthen my fundamentals before the exam. After that, however, I shifted my focus toward OSCP preparation and later became more interested in experimenting with automation and AI.

Earlier this year, while working with some teammates, I overheard them talking about something called the "PAPA Cert." The name immediately caught my attention because in Thai, "PAPA" sounds similar to pa-pa ("dad"), so I asked them what it was.

They explained that it stood for Practical AI Pentest Associate (PAPA) by TCM Security — a hands-on certification focused on AI penetration testing. They also mentioned that purchasing the exam voucher included access to preparatory courses. When they showed me the course syllabus, I became genuinely interested.

Since I already had some background in automation and AI, many of the concepts felt familiar, and I could immediately see how relevant the material would be for modern cybersecurity work. That conversation became the starting point of this journey.

===2. The Courses===

As of May 9, 2026, the PAPA certification voucher costs $249 USD. The package includes:

  • Access to two courses, AI 100: Fundamentals and AI Hacking 101 (12 months of on-demand course access)
  • Hands-on local labs
  • One exam voucher valid for 12 months (One free retake if the first attempt is unsuccessful)

Official details can be found here: https://certifications.tcm-sec.com/papa/


AI 100: Fundamentals

This course focuses on building foundational AI knowledge.

It starts from the basics — neural networks, how AI systems work, and the evolution toward modern Large Language Models (LLMs). The instructor explains LLM concepts such as:

  • LLM architecture
  • Local LLM deployment with Ollama
  • Ollama APIs
  • System prompts
  • Temperature and Top-p settings

One thing I appreciated is that the course avoids unnecessary mathematical complexity. The explanations are straightforward and practical, making the content accessible even for learners without prior AI experience. The goal is not to turn students into AI researchers, but to provide enough understanding to confidently move into AI security topics.

AI Hacking 101

This is where the course becomes significantly more security-focused.

AI Hacking 101 dives into practical AI penetration testing methodologies and includes topics such as:

  • AI threat modeling
  • OWASP LLM Top 10
  • MITRE ATLAS Framework
  • LLM reconnaissance and fingerprinting
  • Prompt injection
  • Jailbreaking
  • Harmful or wasteful output testing
  • Role-based access control (RBAC) testing
  • Excessive agency testing
  • Retrieval-Augmented Generation (RAG) security testing

One of the strongest aspects of this course is how the labs are structured around a realistic Rules of Engagement (ROE) document. Instead of random exercises, the labs simulate real client engagements with defined scopes and objectives. This is extremely important. In real-world pentesting, misunderstanding the scope can lead to incomplete assessments or even violations of client agreements. The same mindset applies to TCM Security exams: if you overlook part of the scope, you may miss critical findings or fail to fully address the exam requirements.

Another feature I really liked was the adjustable security difficulty in the lab environment. The provided LLM application can be configured from Level 1 (Weakest) to Level 5 (Strongest). I highly recommend practicing across all levels. The higher difficulty settings force you to think more creatively and develop alternative attack techniques, which becomes extremely valuable during the exam.

Course Links

Recommended System Requirements

According to the course documentation, you'll need:

  • A computer capable of running virtual machines
  • 16 GB RAM minimum (32 GB recommended)
  • At least 100 GB free storage

From my experience, I strongly recommend using a machine with a dedicated GPU. Since you'll be running local LLMs through Ollama, CPU-only setups struggle significantly even with smaller 7B models. Using an SSD also helps a lot with overall performance.

One important note: if you already have solid AI pentesting experience, you can skip the courses entirely and go straight to the exam. TCM Security does not require course completion before taking the certification.

===3. Study Strategy and Exam Preparation===

Since I had no prior experience in AI penetration testing, I decided to follow the courses in order:

  1. AI 100: Fundamentals
  2. AI Hacking 101

I completed every lab exercise and repeated them until I fully understood not just how the attacks worked, but why they worked.

I also built my own cheat sheets containing useful prompts, payloads, and testing techniques gathered from both the course material and external resources.

For preparation, I spent significant time practicing across all security levels in the lab environment. This was probably one of the most valuable parts of my preparation process because it helped me:

  • Understand how defenses evolve
  • Adapt attack strategies
  • Develop more flexible thinking during testing

Most weekdays, I studied around 2–3 hours after work. On weekends or holidays, I typically spent 4–6 hours — sometimes more when motivation was high.

===4. The Exam Experience===

The PAPA exam is a fully hands-on AI penetration testing assessment.

TCM Security provides:

  • A dedicated exam lab environment
  • VPN access
  • A Rules of Engagement (ROE) document
  • Two days for the practical exam
  • Two additional days for report writing and submission

The exam is fully on-demand. There's no need to schedule in advance — you simply start whenever you're ready.

However, once you start the lab, the timer runs continuously. There's no pause function.

The scenario simulates a real client engagement where you are hired to perform an AI pentest against an LLM application.

Another interesting aspect is that the exam is not proctored. You are free to use your preferred workflows, tools, and techniques during the assessment.

The exam does not use a flag-based system (no CTF-style flags), which means there are no built-in indicators telling you whether you've successfully identified a vulnerability or fully completed the assessment scope. In that sense, the experience closely resembles a real-world penetration test engagement.

Because of this, whenever you discover something that appears to be a vulnerability during the exam, it's important to properly reproduce the issue, validate its impact, and document the full process clearly. You must be able to demonstrate that the finding is legitimate and explain it thoroughly in your exam report, since TCM Security evaluates the assessment based on the quality and accuracy of your findings and documentation.

My Advice for the Exam

1. Read the ROE Carefully

This is probably the most important advice I can give.

Take time to fully understand the scope and objectives. Missing a small detail in the ROE can lead to incomplete testing, overlooked vulnerabilities, or an insufficient report.

2. Take Breaks

Long hands-on exams are mentally exhausting.

During my first 18 hours, I found some vulnerabilities, but nothing particularly severe. After taking a short sleep break and having lunch, I suddenly came back with fresh ideas and discovered several higher-impact findings.

Sometimes stepping away from the keyboard is more productive than forcing yourself to continue while mentally exhausted.

3. Stay Relaxed

I personally listened to music during the exam. It helped me stay calm and focused, and it's completely allowed.

A relaxed mindset often leads to better creativity — especially important in AI security testing where unconventional thinking matters.

4. Don't Panic Early

If you don't find much during the first few hours, that's normal.

There's usually an initial adjustment period before your thought process starts flowing naturally. This has happened to me in several hands-on certifications.

Warm up slowly, keep testing methodically, and take breaks when needed.

5. Don't Tie Your Self-Worth to the Exam Result

This may be the hardest advice to follow.

Everyone wants to pass on the first attempt, and that pressure can become overwhelming. But failing an exam does not define someone's intelligence, value, or professional capability.

Many highly skilled professionals fail certifications before eventually succeeding. In many cases, repeated attempts become powerful learning experiences that reveal weaknesses and drive long-term growth.

What matters most is not the exam result itself, but what you learn from the process and how you improve afterward.

6. Capture Screenshots Throughout the Exam

Don't forget to capture screenshots of important steps during the assessment.

These screenshots are essential when writing the exam report, as they help demonstrate and clearly explain how each vulnerability was identified and reproduced. Proper documentation is a major part of the evaluation process.

Personally, I recommend taking screenshots immediately while performing the testing rather than trying to recreate everything afterward. Waiting until the end can become risky and time-consuming.

Once your exam lab access expires, the environment is automatically shut down and can no longer be accessed again. If you forget to collect evidence before the timer ends, you may not have enough material to properly support your findings in the report.

Final Thoughts

Overall, I found the PAPA exam challenging but fair.

It definitely requires creativity and "thinking outside the box," especially during the practical exploitation phase. However, if you complete the courses thoroughly and practice the labs across all difficulty levels, you'll build the mindset needed to approach the exam successfully.

About 5–6 days after submitting my report, I received an email from TCM Security informing me that the results were available.

The final result:

Passed :)


And of course, receiving the certificate and badge afterward felt incredibly rewarding.

Practical AI Pentest Associate Badge
Practical AI Pentest Associate Certificate

Conclusion

In my opinion, if you're looking to start learning about AI penetration testing or expand your offensive AI security skills, the Practical AI Pentest Associate (PAPA) certification is an excellent option.

The courses are beginner-friendly while still covering practical and highly relevant topics. Beyond the technical knowledge itself, the program also helps develop the right mindset for testing modern AI systems.

As one of the earlier practical AI pentesting certifications on the market — and at a relatively accessible price point — I believe it provides a strong foundation for anyone interested in pursuing deeper AI security expertise in the future.

Finally, I'd like to thank my teammates for introducing me to this certification and inspiring me to begin this journey. I hope this article is helpful for anyone considering the PAPA certification from TCM Security.

Thanks again for reading, and I wish all of you success in your own learning journey.